<?php
	/*
	 * File: auth_inc.php
	 * Last modification: 28.07.2011
	 * Author(s): kivio.wanderley
	 * 
	 */
?>
	
<?php /** MAIN PHP CODE */
	
	/**
	 * Get user ID from database by the given name.
	 * @param  (string) $p_user Username;
	 * @return A database string with user ID on success or an error is triggered.
	 */
	function auth_get_user_id_by_name( $p_user ) {
		$t_user = $p_user;
		
		$t_query = "SELECT usuario_id AS user_id
					FROM tb_login
					WHERE user = $t_user;";
		$t_result = datab_query($t_query);	

		# If result got en error
		if(is_string($t_result)) { trigger_error($t_result, E_ERROR); }
		
		# If result got more than one result
		if( sizeof($t_result) > 1 ) { trigger_error("MORE THAN ONE RESULT", E_ERROR); }

		return $t_result[0]['user_id'];
	}
	
	/**
	 * Get user information username and access level.
	 * @param (string) $p_user_id User ID;
	 * @return Array with user information on success or an error is triggered.
	 */
	function auth_get_user_row( $p_user_id ) {
		$t_id = $p_user_id;
		
		$t_query = "SELECT usuario_id AS id, user AS user, nivel AS access
					FROM tb_login
					WHERE usuario_id = $t_id;";
		$t_result = datab_query($t_query);	
		
		# If result got en error
		if(is_string($t_result)) { trigger_error($t_result, E_ERROR); }
		
		# If result got more than one result
		if( sizeof($t_result) > 1 ) { trigger_error("MORE THAN ONE RESULT", E_ERROR); }

		return $t_result[0];
	}

	/**
	 * Authenticates user by ID and password given.
	 * @param (string) $p_user_id User ID;
	 * @param (string) $p_pass Password;
	 * @return True on success or false otherwise.
	 */
	function auth_user_pass( $p_user_id, $p_pass ) {
		$t_pass = $p_pass;
		
		$t_query = "SELECT usuario_id AS user_id
					FROM tb_login
					WHERE pass = $t_pass AND usuario_id = $p_user_id;";
		$t_result = datab_query($t_query);	

		# If result got en error
		if(is_string($t_result)) { trigger_error($t_result, E_ERROR); }
		
		# If result got more than one result
		if( sizeof($t_result) > 1 ) { trigger_error("MORE THAN ONE RESULT", E_ERROR); }
	
		if( $p_user_id == $t_result[0]['user_id'] ) 
			return true;
		else 
			return false;
	}
	
	/**
	 * Compare if the access levels are equals.
	 * @param (string) $p_user_id Current user ID to get access;
	 * @param (string) $p_access Access level to compare or the permissions title array;
	 * @return True if equals, false otherwise.
	 */
	function auth_compare_access( $p_user_id, $p_access ) {
		$t_access = $p_access;
		
		$t_query = "SELECT nivel AS access
					FROM tb_login
					WHERE usuario_id = $p_user_id;";
		$t_result = datab_query($t_query);	
		
		# If result got en error
		if(is_string($t_result)) { trigger_error($t_result, E_ERROR); }
		
		# If result got more than one result
		if( sizeof($t_result) > 1 ) { trigger_error("MORE THAN ONE RESULT", E_ERROR); }
	
		$t_user_access = $t_result[0]['access'];
		
		/* Compare if level is in the permissions */
		if( is_array($t_access) ) {
			foreach ($t_access as $value) {
				if( $value == $t_user_access ) { return true; } //Found in
			}
			
			return false;
			
		/* strict to a level compare */
		} else { 
			if( $t_access == $t_user_access ) 
				return true;
			else
				return false;
		}
		
		trigger_error("ERRO ON COMPARE ACCESS", E_ERROR);
	}
	
	/**
	 * Get current user ID number.
	 * @return ID of the current logged user.
	 */
	function auth_get_current_user_id() {
		$t_user_name = strtoupper($_SESSION['USER']);
		
		if($t_user_name == '' || $t_user_name == NULL) { trigger_error("NO USER LOGGED", E_ERROR); }
		
		$t_query = "SELECT usuario_id AS id
					FROM tb_login
					WHERE user = $t_user_name;";
		$t_result = datab_query($t_query);	
		
		# If result got en error
		if(is_string($t_result)) { trigger_error($t_result, E_ERROR); }
		
		# If result got more than one result
		if( sizeof($t_result) > 1 ) { trigger_error("MORE THAN ONE RESULT", E_ERROR); }
	
		return datab_prepare_int('user_id', $t_result[0]['id']);
	}

	/**
	 * Prevents SQL injection.
	 * @param (string) $txt String to replace some symbols;
	 * @return Replaced string.
	 */
	function auth_anti_injection( $sql ) {
		  $sql = preg_replace("/(from|select|insert|delete|where|drop table|show tables|@|;|\"|\'|#|\*|--|\\\\)/i", "", $sql);
	    $sql = trim($sql);
	    $sql = strip_tags($sql);
	    $sql = (get_magic_quotes_gpc()) ? $sql : addslashes($sql);
	    return $sql; 
	}
	
	/**
	 * Generates a random password
	 * @param (int) $p_size Number of characters
	 */
	function auth_generate_password( $p_size ) {
		$t_base = "1234567890abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ";
	
		for($i=0; $i<$p_size; $i++) {
			$result .= $t_base{rand(0, 52)};
		}
	
		return $result;
	}

?>